A cross-site request forgery (CSRF) attack is a type of computer attack that occurs when an attack perpetrator submits an illegitimate request to a targeted server using a security credential that is misappropriated from an authorized user. The perpetrator will often initiate the CSRF attack by tricking the authorized user into activating a reference, such as a hyperlink, at a server other than the targeted server, such as at a website operated by the perpetrator. The activated reference generates the illegitimate request and routes it to the targeted server using a resource provided by the authorized user, such as the authorized user's web browser. The authorized user's browser, in accordance with standard hypertext transfer protocol (HTTP) processing, automatically adds the appropriate security credential to the request when it is submitted to the targeted server. Because the targeted server cannot detect that the request was forged by an unauthorized user with a misappropriated security credential, it responds to the request as normal. The CSRF attack can therefore be understood as exploiting the trust that the server has in the authorized user, and in the particular context of HTTP communications, in the authorized user's browser. A CSRF attack is thus distinguishable from a man-in-the-middle (MitM) attack, which occurs when an attacker secretly relays—and possibly alters—communications between two parties, such as a server and a trusted user. The impact of a successful CSRF attack therefore varies greatly depending on the role of the authorized user whose security credential is misappropriated. This is because the CSRF attack allows the perpetrator to perform transactions that normally only the authorized user would have been allowed to perform. One way of defending against CSRF attacks is by including an unpredictable challenge token, in addition to the security credential, with each server request. This unpredictable challenge token can be generated, for example, by a web form or a hypertext markup language (HTML) link. Another way of defending against CSRF attacks is to configure the web server to refuse to respond to requests received from a client after a predetermined time since a first communication with the client.